Yes, exactly that. That's why I highlighted the risk of someone looking in the right spot at the right time.
> the pw will be sent in the request body as plaintext on a post
Which is how every single login form in the world works, today, for this very reason.
Yes, exactly that. That's why I highlighted the risk of someone looking in the right spot at the right time.
> the pw will be sent in the request body as plaintext on a post
Which is how every single login form in the world works, today, for this very reason.